Cyber Security 101

October 13, 2017

By Jason VanGotten, Colorado Restaurant Insurance —

As a restaurant owner, you’ve put your heart and soul into opening a business and running it successfully.  The responsibilities of ownership are sometimes overwhelming.  Every minute of the day is critical and typically consumed with a pressing set of high priority daily activities, such as: scheduling stock orders, coordinating schedules, closing out, and many more.  With so many tasks in a given day things like cyber security are often overlooked until it’s too late.  In a small period of time, all the hard work, money, and time you’ve invested in your business can be lost.  This is our new reality. The threats are increasingly more common whether a restaurant has multiple locations, or not.  Even large national restaurant chains (Sonic & Chipotle) have IT security holes that have allowed hackers to penetrate their networks and steal personal identifiable information.  It is a team effort between the restaurant management team (to create a process and work with employees internally), your IT provider, your point-of-sale (POS) provider, merchant services and your insurance agent to help you with these strategies.

 

Here are the facts: 

  • Malware can make its way into a POS system.
  • Credit card skimming is real.
  • There are 33 million malicious URLs on the internet today.
  • Security experts have identified 50% of the Android applications released this year could be traced to malicious data mining activities.
  • Phishing attempts are hard to spot: “read the attached pdf, word, or excel doc.”
  • It can happen by clicking the wrong item. Easy to do.
  • Additionally your friends can be hacked, and the hackers will size up your profile and pretend to be your friend communicating with you while they try to trick you into giving up a password to log into a phony site.  Maybe that is the same password you use for everything in your life?
  • Facebook, Instagram and YouTube hacking is also real.

 

The list of possible ways for your restaurant to be hacked is long.  Often the restaurant networks and the restaurant owner’s personal devices are not fully protected.  Additionally, there is currently no protection or policy in place for internal employees bringing their own devices to work.

 

What should I do?

Talk to the Colorado Restaurant Association (CRA) cyber security insurance experts.  They are partnering with security focused IT experts who can help you create an IT strategy.  The CRA also offers a cyber insurance program to help protect your business in the case of a data breach.  It is smart to be covered from all angles.

 

Attend our upcoming webinar series!

The CRA, in conjunction with their insurance company, Colorado Restaurant Insurance, will continue to highlight the subject of cyber security in an on-going series of upcoming webinars.  Come and learn more about how to protect your restaurant investment.

If it Can Happen to Equifax…it Can Happen to YOU! Protect Your Restaurant From a Data Breach

September 12, 2017

By Jason VanGotten, Colorado Restaurant Insurance —

Restaurants can learn critical lessons from Equifax’s massive data breach. When basic security precautions are not being taken with internet usage, losses are the real threat. There are two possible news headlines when a data breach occurs. One says, “Restaurant fails to follow basic security principles. Customer’s information compromised.” The other, “Despite best practices, hackers get in!”

 

It seems that people are getting breach-deaf. They hear the same warnings over and over and see the same headlines of cyber breaches. They seem to think, “It won’t happen to me! We are too small to be on the radar of a cyber-criminal.” This is why precautions are not being taken seriously. But, these are unlocked doors that allow opportunity for thieves. Cyber-criminals scan buildings and neighborhoods for Wi-Fi connections like “Linksys” and then run through a list of known “out-of-the-box” passwords to see if a network was left unlocked. The reality is that 9 out of 10 data breaches involve small businesses. 65 percent of all breaches are point-of-sale terminals or are web application attacks. 78% of small businesses do not have a cyberattack response plan.

 

Why would cyber criminals go after a small business? In most cases, the owners of small businesses have not been educated about cyber risk and many of them do not have the resources to stay ahead of the perpetrators. How can businesses protect themselves from these cyber-criminals?

 

  1. Educate and empower yourself and your employees to identify the potential issues.
  2. Know where all your sensitive structured data resides and never store cardholder data.
  3. Never transmit data that is not encrypted or over public Wi-Fi networks.
  4. Always outsource payment processing to combine point-to-point encryption and tokenization technologies.
  5. Use layered security such as multi-factor authentication which uses a combination of a password and another factor to verify identity.
  6. Install and regularly update spyware, anti-virus and malware software to help prevent and detect these from affecting your computing systems.
  7. Set social network profiles to private and check security settings. Also, be mindful of what information you post online.
  8. Protect the perimeter to prevent hackers from accessing sensitive data and your company’s computer network.

 

Cyber liability losses can strike with little to no warning, and that a vulnerability can leave you with a costly mess from data recovery to rebuilding your restaurant’s reputation. You lock your doors and turn on the alarm system at night for safety; why not take the same approach for cyber security?

 

If you have questions about cyber security, compliance, or what you can do to protect your business, contact Jason VanGotten at jvangotten@corestaurant.org

 

Sources:

Upwork Blog

Heartland Payments Systems

Trusted Choice – Colorado Insurance News

Safety Corner – Prevent restaurant theft from happening to you!

February 1, 2017

By Sean Pechan, Colorado Restaurant Insurance

We have been hearing from our clients about a recent uptick in burglaries within the Denver Metro area. Crimes against restaurants are typically crimes of opportunity, and these recent reports have definitely fallen into that category. Most often these burglaries happen after the restaurant has closed, however, in several instances a burglary has occurred during business hours. In almost every instance, the burglar has entered a back door (sometimes even during dinner rush). The perpetrator often takes cash and/or inventory food and liquor, then slips back out the back door of the restaurant.

We believe that implementation of some simple risk management steps can reduce your exposure to these types of loss. Besides costing your establishment potentially thousands of dollars, the loss of ‘peace of mind’ for you, your employees, and at times your customers is immeasurable.

Here are some examples of how we can work with you to help improve security and reduce your risk. Consider updating your security procedures and training all staff – including cleaning staff – so they understand their importance and follow the procedures. Develop practical policies in managing the risk of the backdoor of your restaurant (when it is acceptable to be open and how it should be respected). Limit the access of nonessential vendors and staff to back-of-house operations, especially the office where checks and cash on hand is managed. Keep inventory locked even during normal operations. Mark expensive equipment with ID numbers and keep detailed records of all inventory, and store the information off-premises for ease in reporting after the fact.

Contact your local police department for a business safety assessment. The CRI can also provide additional risk management techniques to reduce exposure to loss. We are available to offer guidance to protect your assets. Call us anytime at (303) 830-2972.